RE: Hacked NT/2K box

From: Chris Lynch, MCSE CCNAv2 (lynch00@msn.com)
Date: 07/24/01


From: "Chris Lynch, MCSE CCNAv2" <lynch00@msn.com>
To: "'H C'" <keydet89@yahoo.com>
Subject: RE: Hacked NT/2K box
Date: Mon, 23 Jul 2001 15:06:53 -0700
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAdIbHQDj1HEy4d8LgvrQfS8KAAAAQAAAAAptyL4wjpEGs1RrNcUFQ/QEAAAAA@msn.com>

I would have to dig it up somewhere. You can get the code from
http://neworder.box.sk. This is not by IIS, but rather to the security
risk via NetBIOS.

What I meant by "Windows NT has the capability for multiple shells/local
sessions" is that the NT Kernel can support it. The GUI just doesn't
have any way of switching between multiple sessions on a local NT
machine. The NT Kernel has always had this support, from version 4.

And, no. I haven't read anyone's article. I have just conversed with
other IT Professionals on the Net. They and I have concerns with the
home market. I have a concern with Microsoft's XP Personal firewall. I
know that IAS is a step above Proxy 2, but I haven't tested it out
myself.

When I find it, I'll forward it to you.

Chris Lynch

-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: Monday, July 23, 2001 1:36 PM
To: lynch00@msn.com; focus-ms@securityfocus.com
Subject: RE: Hacked NT/2K box

> Of course you can hack into an NT box like a
> Linux/UNIX box. I can
> generate code that will cause a buffer-overrun and
> will allow me Root
> like access (local/domain admin). I can then
> remotely install
> BackOrifice or some other trojan program.

Okay. Great. Can you show me? What code? Also, are
you refering to NT or IIS?
 
> Essentially, you are correct in saying that you
> cannot establish a
> remote console session. But you can with trojan
> programs. Well, NT
> has this capability built-in, but there isn't a way
> to exploit it
> unless you have Terminal Services installed and
> running.

NT doesn't come with Terminal Services by default.
You say that "NT has this capability built-in", and
then you say "there isn't a way to exploit it unless
you have Terminal Services installed and running." On
the face, that seems contradictory.
 
> Also, with XP being released, there would be no
> reason to say that a
> hacker wouldn't be able to use an XP box for DDoS
> attacks. Because
> XP will have RAW Sockets, instead of the
> conventional NT-based W32
> Sockets.

Ah, I see you've been reading Steve Gibson's page.
Win2K gives you access to raw sockets
programmatically, and it's already out.

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/



Relevant Pages

  • Terminal Services interferring with IIS5.0 ASP processing
    ... I've got a Windows 2000 server SP4 running IIS 5.0 ... I've just installed Microsoft Terminal Services v5.0 in administrator mode ... and now IIS won't process ASP pages. ... Terminal Servcies are uninstalled ASP pages work fine again. ...
    (microsoft.public.windows.terminal_services)
  • IIS5.0 ASP and terminal services problem
    ... I've got a Windows 2000 server SP4 running IIS 5.0 ... I've just installed Microsoft Terminal Services v5.0 in administrator mode ... and now IIS won't process ASP pages. ... Terminal Servcies are uninstalled ASP pages work fine again. ...
    (microsoft.public.inetserver.iis)
  • Re: Can not access my IIS 6.0 web page inside and outside the LAN
    ... IIS is working fine, since you can access it using the local machine. ... But, to be really sure that IIS is listening on port 80, you can write this ... Terminal Services should not have anything with this to do. ...
    (microsoft.public.inetserver.iis)
  • Re: cant start iis 5 and no metabase backup!
    ... I have no heard anything about TS and IIS. ... > We actually found that if we disabled terminal services (in remote ... > goes back to both iisadmin and task scheduler failing to start. ...
    (microsoft.public.inetserver.iis)